Python for penetration testers

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest trying out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them.

Most of the listed tools are written in Python, others are just bindings for existing C libraries, i.e. they make those libraries easily usable from Python programs.

Network

Scapy: send, sniff, dissect and forge network packets. Usable interactively or as a library.

"MAC Address Scrambling": as the name suggests, instead of using its burned-in address, the machine uses a random MAC address every time. The machine/device changes its MAC address regularly to improve security. A MAC address is a 48-bit hexadecimal identifier burned into every electronic device that has "connectivity" capability, such as mobile devices, smart TVs, PCs, etc. Apple added this feature to iPhones from iOS 8 to protect users' privacy.

So, how does a static MAC address cause security issues? The first thing that came to my mind is this:

According to Edward Snowden, the National Security Agency has a system that tracks the movements of everyone in a city by monitoring the MAC addresses of their electronic devices. As a result of users being trackable by their devices' MAC addresses, Apple has started using random MAC addresses in their iOS line of devices while scanning for networks. If random MAC addresses are not used, researchers have confirmed that it is possible to link a real identity to a particular wireless MAC address.

Special Device Files:

/dev/random – Special file that serves as a blocking pseudorandom number generator. It allows access to environmental noise collected from device drivers and other sources (reads block until additional environmental noise is gathered).

/dev/zero – Provides as many null characters as are read from it.

Directories:

/var/lock/ – Stores lock files, which are simply files used to indicate that a certain resource (a database, a file, a device) is in use and should not be accessed by another process. Aptitude, for example, locks its database while a package manager is running.

/var/run – Used to store .pid files, which contain the process ID of a running program. This is commonly used by services or other programs that need to make their process IDs available to other processes.

Sometimes you might need HTTPS to securely send data to an API (or access a website), but the API might not officially support HTTPS, or for some other reason it sticks to HTTP, which is insecure. I encountered a similar situation: I used a TSDB to store time series data, but the TSDB supports only HTTP, not HTTPS. So I decided to put an HTTPS proxy in front of the original API. Since I don't have much knowledge of Apache, after a long Internet search I finally found the solution, and I just want to share